Microsoft Advanced Threat Analytics is a great tool you probably already own, whether you know it or not, but all the talks on it have been about setting it up in a lab environment... until now! This talk will be a totally unbiased, non-vendor-speak look at experiences from successfully implementing ATA in a large production environment, including what ATA is and is not, architecture, installation, tuning, and how to avoid certain "gotchas" along the way.
Abstract:
- Introductions/Why give a talk on ATA?
- An overview of Advanced Threat Analytics (what it is, and what it is not)
- ATA architecture
- ATA Center overview, deployment guidelines, and security considerations
- ATA Gateway architecture and deployment
- Overview of ATA incidents, reports, rules, behavioral analytics, and tuning
- Advanced usage of the ATA database for threat hunting
- Troubleshooting and getting help
- ATA alternatives for non-Microsoft shops
- Time for questions/comments